HomeAssistant+frp+NGINX+HTTPS

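Background

Forward a local HomeAssistant service to the public internet over HTTPS, so that it can be reached remotely over HTTPS without a port number in the URL. Any other service can be forwarded the same way.

You need a device with a public IP A.B.C.D. This is usually a cloud host such as an Alibaba Cloud instance, or a server set up at home if your home connection has a public IP. Here the public IP is assumed to be on an Alibaba Cloud host, and the Raspberry Pi at home is on the internal network.

The local Raspberry Pi runs HomeAssistant on the LAN at 192.168.1.233:8123

Install and configure FRPS on the public server

FRP project page
Installation tutorial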

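###frps.ini###
[common]
# Address and port that frpc clients connect to
bind_addr = 0.0.0.0
bind_port = 7000
# Listeners for http/https type proxies
vhost_http_port = 7080
vhost_https_port = 7443
# Web dashboard and its login
dashboard_port = 7500
dashboard_user = your_account
dashboard_pwd = your_pwd
authentication_timeout = 900
# Shared secret; must match token in frpc.ini
token = your_token
###frps.ini###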

Install and configure FRPC on the internal server

Installation and configuration are the same as above.

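###frpc.ini###
[common]
# Public IP of the frps server
server_addr = <A.B.C.D>
server_port = 7000
# Must match token in frps.ini
token = your_token
[homeassistant]
type = tcp
# HomeAssistant listening on the Raspberry Pi itself
local_ip = 127.0.0.1
local_port = 8123
# Port opened on the frps server for this tunnel; NGINX proxies to it
remote_port = 9000
# Not used by a tcp proxy; the tunnel is reached through remote_port
custom_domains = your_website.com
###frpc.ini###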

Install and configure NGINX on the public server

cd ~
cd software
apt update
apt upgrade
apt install nginx

Start NGINX at boot

systemctl enable nginx

Applying for and downloading the SSL certificate

The NGINX configuration files are under /etc/nginx

cd /etc/nginx
cd sites-enabled

# Create a new configuration file; the file name can be the site's domain name
touch your_website.com
nano your_website.com

Contents of the your_website.com file:

server {
  listen 80;
  server_name your_website.com;
  location / {
    # Redirect all plain-HTTP requests to HTTPS
    rewrite ^ https://your_website.com$request_uri? permanent;
  }
}

server {
  # "ssl on;" is deprecated; enable TLS on the listen directive instead
  listen 443 ssl;
  server_name your_website.com;
  ssl_certificate cert/your_website.com.pem;
  ssl_certificate_key cert/your_website.com.key;
  ssl_session_timeout 5m;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996)
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  proxy_set_header X-Forwarded-For $remote_addr;
  location /api/websocket {
    # Use the same port as remote_port in frpc.ini
    proxy_pass http://127.0.0.1:9000/api/websocket;
    proxy_read_timeout 60s;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    # WebSocket upgrade requires HTTP/1.1 and the Upgrade/Connection headers
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'Upgrade';
  }
  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_buffering off;
    proxy_pass http://127.0.0.1:9000;
  }
}
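
NGINX reaches the tunnel at 127.0.0.1:9000, but with bind_addr = 0.0.0.0 frps opens remote_port 9000 on every interface, so HomeAssistant is also reachable over plain HTTP at A.B.C.D:9000 without passing through the TLS front end. The following added example (not part of the original post) lists the frps listeners that should be bound to loopback or blocked in the cloud security group; it assumes the frps legacy INI keys proxy_bind_addr and dashboard_addr, which fall back to bind_addr when unset, and the function name is hypothetical.

```python
import configparser

# Constructed input: this page's frps.ini / frpc.ini, trimmed to the keys that open listeners.
FRPS_INI = """[common]
bind_addr = 0.0.0.0
bind_port = 7000
vhost_http_port = 7080
vhost_https_port = 7443
dashboard_port = 7500
"""
FRPC_INI = """[common]
server_addr = A.B.C.D
[homeassistant]
type = tcp
remote_port = 9000
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def ports_to_restrict(frps_text, frpc_text):
    """Map each port frps opens on a non-loopback address, other than bind_port, to its role."""
    common, frpc = _parse(frps_text)["common"], _parse(frpc_text)
    bind = common.get("bind_addr", "0.0.0.0")
    # Assumption: both fall back to bind_addr when unset (frps legacy INI behaviour).
    proxy_addr = common.get("proxy_bind_addr", bind)
    dash_addr = common.get("dashboard_addr", bind)
    proxies = [frpc[s] for s in frpc.sections() if s != "common"]
    types = {p.get("type", "tcp") for p in proxies}
    found = {}
    if proxy_addr not in LOOPBACK:
        for p in proxies:
            if p.get("type", "tcp") == "tcp" and "remote_port" in p:
                found[int(p["remote_port"])] = "plain-HTTP tunnel, bypasses NGINX TLS"
        for key, kind in (("vhost_http_port", "http"), ("vhost_https_port", "https")):
            if key in common and kind not in types:
                found[int(common[key])] = f"{key} is open but no {kind} proxy uses it"
    if "dashboard_port" in common and dash_addr not in LOOPBACK:
        found[int(common["dashboard_port"])] = "frps dashboard"
    return dict(sorted(found.items()))

if __name__ == "__main__":
    for port, why in ports_to_restrict(FRPS_INI, FRPC_INI).items():
        print(f"{port}/tcp: {why}")
    fixed = FRPS_INI + "proxy_bind_addr = 127.0.0.1\ndashboard_addr = 127.0.0.1\n"
    print("after binding to loopback:", ports_to_restrict(fixed, FRPC_INI))
```

Only bind_port 7000 and NGINX's 80 and 443 need to stay open to the internet; a dashboard bound to loopback can still be reached through an SSH tunnel.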

Check that the NGINX configuration file is valid

nginx -t

Load the NGINX configuration file

nginx -s reload

Access

https://your_website.com